diff options
| author | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-11 12:48:11 -0500 |
|---|---|---|
| committer | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-12 10:59:34 -0500 |
| commit | b2fbeb687ab88416fde1db788240cd4694bf340b (patch) | |
| tree | 04ba6079b36282e4cff7fbc8f53f47f8836068e3 /sys/netipsec/ipsec_output.c | |
| parent | 67d971cff8b345311dc2317f112dd3c1b4a7fadf (diff) | |
| download | FreeBSD-src-b2fbeb687ab88416fde1db788240cd4694bf340b.zip FreeBSD-src-b2fbeb687ab88416fde1db788240cd4694bf340b.tar.gz | |
MFC r288418:
Take extra reference to security policy before calling crypto_dispatch().
Currently we perform crypto requests for IPSEC synchronous for most of
crypto providers (software, aesni) and only VIA padlock calls crypto
callback asynchronous. In synchronous mode it is possible, that security
policy will be removed during the processing crypto request. And crypto
callback will release the last reference to SP. Then upon return into
ipsec[46]_process_packet() IPSECREQUEST_UNLOCK() will be called to already
freed request. To prevent this we will take extra reference to SP.
PR: 201876
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
(cherry picked from commit 3e1742ed6cd844d82787f2fa5cd57652805c6b34)
Diffstat (limited to 'sys/netipsec/ipsec_output.c')
| -rw-r--r-- | sys/netipsec/ipsec_output.c | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 7fc61ac..7045170 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -165,10 +165,6 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) * If this is a problem we'll need to introduce a queue * to set the packet on so we can unwind the stack before * doing further processing. - * - * If ipsec[46]_process_packet() will successfully queue - * the request, we need to take additional reference to SP, - * because xform callback will release reference. */ if (isr->next) { /* XXX-BZ currently only support same AF bundles. */ @@ -176,11 +172,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) #ifdef INET case AF_INET: IPSECSTAT_INC(ips_out_bundlesa); - key_addref(isr->sp); - error = ipsec4_process_packet(m, isr->next); - if (error != 0) - KEY_FREESP(&isr->sp); - return (error); + return (ipsec4_process_packet(m, isr->next)); /* NOTREACHED */ #endif #ifdef notyet @@ -188,11 +180,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) case AF_INET6: /* XXX */ IPSEC6STAT_INC(ips_out_bundlesa); - key_addref(isr->sp); - error = ipsec6_process_packet(m, isr->next); - if (error != 0) - KEY_FREESP(&isr->sp); - return (error); + return (ipsec6_process_packet(m, isr->next)); /* NOTREACHED */ #endif /* INET6 */ #endif |
